Blockchain versus GDPR and who should adjust most

It has now been more than four months since the European Union General Data Protection Regulation (hereafter GDPR) came into effect. This regulation aims to strengthen privacy and personal data protection in the EU by giving private persons more control over their personal data. It also offers a uniform set of regulations for businesses with customers in the EU region, with the risk of hefty fines in case of non-compliance.

This event, however, has caused a lot of concern in the blockchain industry. At first glance some GDPR provisions seem to be in direct conflict with the fundamentals of blockchain technology, and blockchain may even be intrinsically incompatible with what the new European privacy rules seek to uphold. For blockchain the most controversial GDPR mandate is the “Right to be Forgotten”, which gives individuals the right to request that their personal data be removed from a record. Because blockchains are decentralised and immutable, however, data cannot be deleted. Blockchains are designed to last forever. That puts blockchain in direct opposition to the GDPR.

The main question is: are there ways for GDPR and blockchain to co-exist? Can blockchain work properly in tandem with the new GDPR regulations without harming its fundamentals? And how should regulators react?

EU General Data Protection Regulation (GDPR): what does it mandate?

The General Data Protection Regulation (GDPR) is a far-reaching piece of privacy legislation designed to enhance the protection of personal data and give individuals in the EU greater control over their own data. The GDPR requires not only transparency into what companies will do with consumer data, but also clear consent mechanisms to ensure that consumers understand what companies are sharing, with whom, and for what purpose. GDPR thereby regulates the collection, processing, transfer and retention of every EU citizen’s personal data, requiring companies to provide visibility and control to individuals, on demand. Non-compliance with GDPR can result in heavy fines.

GDPR, however, has a number of key provisions that could heavily impact blockchain.